Error changing user to active=false with oci_identity_domains_user

[jeliker1]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version and Provider Version

% terraform -v
Terraform v1.12.2
on darwin_arm64

• provider registry.terraform.io/oracle/oci v7.29.0

Affected Resource(s)

affected_resources= oci_identity_domains_user
affected_resources=terraform

Terraform Configuration Files

resource "oci_identity_domains_user" "test_user" {
    idcs_endpoint = var.idcs_endpoint
    schemas = ["urn:ietf:params:scim:schemas:core:2.0:User"]
    user_name = var.user_name

    active = var.user_active
    display_name = var.user_display_name

    emails {
        type = "work"
        value = var.email

        primary = true
    }
}

Debug Output

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # oci_identity_domains_user.test_user will be updated in-place
  ~ resource "oci_identity_domains_user" "test_user" {
      ~ active                                                           = true -> false
        id                                                               = "a736bf595e058fd6d9471754cb18ad68"
        # (18 unchanged attributes hidden)

        # (7 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

│ 
│ Error: 400-BadErrorResponse, 
│ Suggestion: Please retry or contact support for help with service: Identity Domains User
│ Documentation: https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_domains_user 
│ API Reference: https://docs.oracle.com/iaas/api/#/en/identity-domains/v1/User/PutUser 
│ Request Target: PUT https://idcs-f74b479abbd240379057587b66a852f1.identity.oraclecloud.com:443/admin/v1/Users/a736bf595e754cb18ad68058fd6d9471 
│ Provider version: 7.29.0, released on 2025-12-16. This provider is 7 Update(s) behind to current. 
│ Service: Identity Domains User 
│ Operation Name: PutUser 
│ OPC request ID: 7091a67ec49b2fbd2eeae44b7486b70d/0018e83489ffde1e3d3611d1c469b4ed 

Panic Output

Expected Behavior

Updating active attribute of oci_identity_domains_user should succeed.

Actual Behavior

Updating active attribute of oci_identity_domains_user does NOT succeed.

Steps to Reproduce

1. terraform apply with var.user_active set true to create user account
2. Change var.user_active to false and apply
3. Note error as shown above

Important Factoids

The OCI CLI may be used to successfully update the user as shown here:

oci identity-domains user patch \
--endpoint $IAM_ENDPOINT \
--schemas '["urn:ietf:params:scim:api:messages:2.0:PatchOp"]' \
--user-id "$USER_ID" \
--operations "$(cat <<EOF
[
  {
    "op": "replace",
    "path": "active",
    "value": false
  }
]
EOF
)"

Notably, the update operation must be an HTTP Patch operation whereas Terraform provider is trying a Put.

References

• https://docs.oracle.com/en-us/iaas/api/#/en/identity-domains/v1/User/PatchUser
  Documentation specifically says Patch is used for User updates not Put